CVE-2009-1713

HIGH

Description

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

References

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://osvdb.org/54975

http://secunia.com/advisories/35379

http://secunia.com/advisories/43068

http://support.apple.com/kb/HT3613

http://www.securityfocus.com/bid/35260

http://www.ubuntu.com/usn/USN-857-1

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2011/0212

https://exchange.xforce.ibmcloud.com/vulnerabilities/51267

Details

Source: MITRE

Published: 2009-06-10

Updated: 2017-08-17

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
75629	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)	Nessus	SuSE Local Security Checks	critical
53764	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)	Nessus	SuSE Local Security Checks	critical
44852	Debian DSA-1988-1 : qt4-x11 - several vulnerabilities	Nessus	Debian Local Security Checks	high
42467	Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)	Nessus	Ubuntu Local Security Checks	high
39339	Safari < 4.0 Multiple Vulnerabilities	Nessus	Windows	high
39338	Mac OS X : Apple Safari < 4.0	Nessus	MacOS X Local Security Checks	high
5046	Safari < 4.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
800993	Safari < 4.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high